-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

RFC-2350: CSIRT Description for OS-CERT
- ---------------------------------------

1. About this document

   1.1 Date of Last Update

       This is version 1.01, 2019-04-10.

   1.2 Distribution List for Notifications

       Members of the constituency are informed of changes through
       their closed channels.

   1.3 Locations where this Document May Be Found

       The current version of this CSIRT description document is
       available on the team's website:

         https://www.open.ch/os-cert

       Please make sure you are using the latest version.

   1.4 Authenticating this Document

       This document has been signed with OS-CERT's PGP key detailed
       under 2.8.

2. Contact Information

   2.1 Name of the Team

       "OS-CERT": Open System Computer Emergency Response Team.

   2.2 Address

       OS-CERT
       Open Systems AG
       Räffelstrasse 29
       CH-8045 Zurich
       Switzerland

   2.3 Time Zone

       Central European:
         Standard         CET   GMT+0100
         Daylight saving  CEST  GMT+0200

       Change date:
         CET -> CEST: 1 am UTC last Sunday of March
         CEST -> CET: 1 am UTC last Sunday of October

   2.4 Telephone Number

       +41 58 100 12 34

   2.5 Facsimile Number

       +41 58 100 10 11 (this is *not* a secure fax)

   2.6 Other Telecommunication

       Video conferencing is available on request. Members of the
       constituency have access to closed, secure communication and
       collaboration platforms.

   2.7 Electronic Mail Address

       os-cert@open-systems.com will reach the team mailbox, which is
       monitored during working hours.

   2.8 Public Keys and Other Encryption Information

       OS-CERT has a PGP key, whose KeyID is 42AC9CF0 77C8FD22 and
       whose fingerprint is

         E10B 0B4F 5316 8EBF A8E8 B174 42AC 9CF0 77C8 FD22.

       The key and its signatures can be found on the public key
       servers as well as on the team's web site:

         https://www.open.ch/os-cert

   2.9 Team Members

       OS-CERT is operated by a core team of dedicated staff backed up
       by vetted engineers from within the company.

   2.10 Other Information

       General public information about OS-CERT is found on the Web
       site:

         http://www.open.ch/os-cert

   2.11 Points of Customer Contact

       Normal contact is through e-mail using the address
       os-cert@open-systems.com. In urgent cases and emergencies,
       customers as well as other CERTs can use the phone numbers
       given above.

       OS-CERT follows standard Swiss office hours on working days:

         8:00 - 18:00

       Outside of these hours, as well as on weekends, public holidays
       in Zurich and the days between Dec. 23 and Jan. 3, services are
       offered on a best effort basis and are not guaranteed.

       Outside office hours, Open Systems Mission Control Services may
       be contacted:

         e-mail: support@open-systems.com
                 (please CC os-cert@open-systems.com)
         Phone:
           Toll free Switzerland: +800 00 724 000
           Toll free US:          1-800-724-2407
           All others:            +41 58 100 11 11

       Please state that this is a call concerning OS-CERT.

3. Charter

   3.1 Mission Statement

       Customers suffer no or lower damage from incidents by using
       OS-CERT's proactive and reactive services.
       Customers' critical IT infrastructure is protected by OS-CERT.
       OS-CERT provides support to third parties for problems
       originating in AS9092.

   3.2 Constituency

       OS-CERT exclusively serves customers of Open Systems AG.

   3.3 Sponsorship and/or Affiliation

       OS-CERT is operated by Open Systems AG.

   3.4 Authority

       OS-CERT coordinates security incidents for its constituency.
       It does not have any formal authority over constituency
       members. Rather, it operates in an advisory capacity.

4. Policies

   4.1 Types of Incidents and Level of Support

       Incidents are prioritised according to their severity.
       Incidents directly affecting members of the constituency are
       treated with higher priority.

   4.2 Co-operation, Interaction and Disclosure of Information

       All requests to OS-CERT are treated with due care. OS-CERT
       adheres to the traffic light protocol v 1.0 (TLP) as described
       by FIRST. See https://www.first.org/tlp for a description.

       Classified messages should be tagged in the subject as
       [TLP Color]. A similar stamp should be clearly visible in other
       documents, such as PDF files etc., sent to OS-CERT. If contact
       is through phone or video conference, the TLP classification
       should be stated prior to the delivery of the information.

       It is recommended to encrypt sensitive information with the PGP
       key mentioned above.

       Unless required by law, OS-CERT will never release information
       provided by third parties without their consent.

       Other encryption methods are available upon request.

   4.3 Communication and Authentication

       See 4.2. To ensure authenticity of information, use PGP
       signatures.

5. Services

   5.1 Incident Response

       OS-CERT will assist its customers in the areas described below.
       OS-CERT requires an official security contact from each member
       of its constituency. In particular, it will provide assistance
       or advice with respect to the following aspects of incident
       management:

       5.1.1 Incident Triage

         - Investigating whether an incident indeed occurred.
         - Determining whether the incident belongs to OS-CERT's
           constituency.
         - Determining the extent of the incident.

       5.1.2 Incident Coordination

         - Analyse available information, particularly log information,
           for signs of compromise.
         - Contact the affected organisations.
         - Coordinate with other sites which may be involved in an
           incident.
         - Support affected organisations with intelligence and
           additional information needed to resolve the incident.
         - Perform specialised tasks, such as forensic analysis,
           malware reverse engineering etc., if requested and needed.

       5.1.3 Incident Resolution

         - OS-CERT will assist customers in resolving incidents.

   5.2 Monitoring

         - OS-CERT will monitor the perimeter as well as internal
           systems of customers if authorized.
         - OS-CERT monitors open source intelligence if feasible.

   5.3 Proactive Activities

       OS-CERT provides the following proactive services:

         - Information services
             - Situational awareness
             - Reporting
         - Training services
             - OS-CERT provides trainings for its customers.

6. Incident Reporting Forms

       None are available.

7. Disclaimer

       While every precaution will be taken in the preparation of
       information, notifications and alerts, OS-CERT assumes no
       responsibility for errors or omissions, or for damages
       resulting from the use of the information contained within.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----